Skip to main content
Vantyris

TLS

HTTPS for small business: how to enable it in 15 minutes.

Published 2026-04-19 · Last updated 2026-04-19 · Vantyris editorial

If your site loads on `http://` rather than `https://`, every modern browser shows your visitors a 'Not secure' warning before they see your content. Chrome blocks form submissions on HTTP. Your conversion rate suffers, your search ranking suffers, and any data your visitors send (login credentials, contact form details) travels the public internet in plain text. HTTPS is no longer optional, and getting it costs nothing.

What this means for your business

How to fix

Enable a Let's Encrypt certificate at your web host or Cloudflare, then set up the HTTP-to-HTTPS redirect so old links keep working.

  1. Check whether your host offers Let's Encrypt. Most modern hosts (Hostinger, SiteGround, WP Engine, Cloudways, Fly, Render, Vercel) include Let's Encrypt as a one-click toggle. Log in to your hosting control panel, find the SSL section, and look for `Let's Encrypt` or `Free SSL`.
  2. Turn it on. Click the toggle. Most hosts take 1-5 minutes to issue the certificate. You'll see a confirmation when it's active.
  3. Set the HTTP-to-HTTPS redirect. Now you have HTTPS, but visitors typing `http://yourdomain.com` will still hit the unencrypted version. Most hosts have a 'Force HTTPS' or 'HTTPS Redirect' toggle next to the SSL setting. Turn it on.
  4. Test it. Open an incognito browser and visit `http://yourdomain.com` (with `http://` explicitly). It should redirect to `https://yourdomain.com`. Check the padlock icon in the address bar.
  5. (Optional) Add HSTS. Once HTTPS works for a week or two, add a Strict-Transport-Security header. This tells browsers to never load your site over HTTP again, even if a visitor types `http://`. Most hosts let you add headers in the config; if not, your CDN (Cloudflare's free tier) can.

Owner: Your web host's support team. · Time: 15 minutes if your host supports Let's Encrypt natively.

Common gotchas

How to verify the fix

Run a Vantyris teaser scan; it confirms HTTPS is configured and the redirect is in place. Or paste your domain into ssllabs.com/ssltest for a detailed grade.

Cyber Essentials alignment

This finding informs the following UK NCSC Cyber Essentials control areas:

Vantyris is not a CE certifying body. The mapping above is informational.

Common follow-up questions

Do I need to pay for a 'real' certificate from a CA?

No. Let's Encrypt certificates are accepted by every modern browser and are technically equivalent to paid ones. Paid certs only add brand recognition (DigiCert, Sectigo) or extended validation (the green bar, which most browsers have removed).

Will enabling HTTPS slow my site down?

No, the opposite. HTTPS enables HTTP/2 and HTTP/3, which are faster than HTTP/1.1. Sites are measurably quicker after enabling HTTPS.

What if my certificate expires?

Let's Encrypt certs expire every 90 days and renew automatically via your host. If auto-renewal breaks, your host emails you. Set a calendar reminder if you want belt-and-braces.

References

Related explainers

Want Vantyris to scan your domain for this and 80 other findings?

Free teaser scan, no card. Verified scan from €10 with the full workspace around it: workflow, score trend, three PDF layouts, share links, monitoring.

Editorial

Vantyris editorial team · methodology v1.0.0